//# 0 errors, 58 messages
//#
/*
    //#MathCommentAuthenticator.java:1:1: class: org.apache.roller.weblogger.ui.rendering.plugins.comments.MathCommentAuthenticator
 * Licensed to the Apache Software Foundation (ASF) under one or more
 *  contributor license agreements.  The ASF licenses this file to You
 * under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.  For additional information regarding
 * copyright in this work, please see the NOTICE file in the top level
 * directory of this distribution.
 */

package org.apache.roller.weblogger.ui.rendering.plugins.comments;

import java.util.ResourceBundle;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;


/**
 * Asks the commenter to answer a simple math question.
 */
public class MathCommentAuthenticator implements CommentAuthenticator {
    //#MathCommentAuthenticator.java:31: method: void org.apache.roller.weblogger.ui.rendering.plugins.comments.MathCommentAuthenticator.org.apache.roller.weblogger.ui.rendering.plugins.comments.MathCommentAuthenticator()
    //#input(void org.apache.roller.weblogger.ui.rendering.plugins.comments.MathCommentAuthenticator()): this
    //#output(void org.apache.roller.weblogger.ui.rendering.plugins.comments.MathCommentAuthenticator()): this.bundle
    //#post(void org.apache.roller.weblogger.ui.rendering.plugins.comments.MathCommentAuthenticator()): init'ed(this.bundle)
    
    private transient ResourceBundle bundle =
    //#MathCommentAuthenticator.java:33: end of method: void org.apache.roller.weblogger.ui.rendering.plugins.comments.MathCommentAuthenticator.org.apache.roller.weblogger.ui.rendering.plugins.comments.MathCommentAuthenticator()
            ResourceBundle.getBundle("ApplicationResources");
    
    private static Log mLogger = LogFactory.getLog(MathCommentAuthenticator.class);
    //#MathCommentAuthenticator.java:36: method: org.apache.roller.weblogger.ui.rendering.plugins.comments.MathCommentAuthenticator.org.apache.roller.weblogger.ui.rendering.plugins.comments.MathCommentAuthenticator__static_init
    //#MathCommentAuthenticator.java:36: Warning: method not available
    //#    -- call on Log org.apache.commons.logging.LogFactory:getLog(Class)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.ui.rendering.plugins.comments.MathCommentAuthenticator
    //#    method: org.apache.roller.weblogger.ui.rendering.plugins.comments.MathCommentAuthenticator__static_init
    //#    unanalyzed callee: Log org.apache.commons.logging.LogFactory:getLog(Class)
    //#output(org.apache.roller.weblogger.ui.rendering.plugins.comments.MathCommentAuthenticator__static_init): __Descendant_Table[org/apache/roller/weblogger/ui/rendering/plugins/comments/MathCommentAuthenticator]
    //#output(org.apache.roller.weblogger.ui.rendering.plugins.comments.MathCommentAuthenticator__static_init): __Dispatch_Table.authenticate(Ljavax/servlet/http/HttpServletRequest;)Z
    //#output(org.apache.roller.weblogger.ui.rendering.plugins.comments.MathCommentAuthenticator__static_init): __Dispatch_Table.getHtml(Ljavax/servlet/http/HttpServletRequest;)Ljava/lang/String;
    //#output(org.apache.roller.weblogger.ui.rendering.plugins.comments.MathCommentAuthenticator__static_init): mLogger
    //#output(org.apache.roller.weblogger.ui.rendering.plugins.comments.MathCommentAuthenticator__static_init): org/apache/roller/weblogger/ui/rendering/plugins/comments/CommentAuthenticator.__Descendant_Table[org/apache/roller/weblogger/ui/rendering/plugins/comments/MathCommentAuthenticator]
    //#post(org.apache.roller.weblogger.ui.rendering.plugins.comments.MathCommentAuthenticator__static_init): __Descendant_Table[org/apache/roller/weblogger/ui/rendering/plugins/comments/MathCommentAuthenticator] == &__Dispatch_Table
    //#post(org.apache.roller.weblogger.ui.rendering.plugins.comments.MathCommentAuthenticator__static_init): org/apache/roller/weblogger/ui/rendering/plugins/comments/CommentAuthenticator.__Descendant_Table[org/apache/roller/weblogger/ui/rendering/plugins/comments/MathCommentAuthenticator] == &__Dispatch_Table
    //#post(org.apache.roller.weblogger.ui.rendering.plugins.comments.MathCommentAuthenticator__static_init): __Dispatch_Table.authenticate(Ljavax/servlet/http/HttpServletRequest;)Z == &authenticate
    //#post(org.apache.roller.weblogger.ui.rendering.plugins.comments.MathCommentAuthenticator__static_init): __Dispatch_Table.getHtml(Ljavax/servlet/http/HttpServletRequest;)Ljava/lang/String; == &getHtml
    //#post(org.apache.roller.weblogger.ui.rendering.plugins.comments.MathCommentAuthenticator__static_init): init'ed(mLogger)
    //#MathCommentAuthenticator.java:36: end of method: org.apache.roller.weblogger.ui.rendering.plugins.comments.MathCommentAuthenticator.org.apache.roller.weblogger.ui.rendering.plugins.comments.MathCommentAuthenticator__static_init
    
    
    public String getHtml(HttpServletRequest request) {
        
        String answer = "";
    //#MathCommentAuthenticator.java:41: method: String org.apache.roller.weblogger.ui.rendering.plugins.comments.MathCommentAuthenticator.getHtml(HttpServletRequest)
    //#input(String getHtml(HttpServletRequest)): " + "._tainted
    //#input(String getHtml(HttpServletRequest)): " = "._tainted
    //#input(String getHtml(HttpServletRequest)): "" .><.p>"._tainted
    //#input(String getHtml(HttpServletRequest)): ""._tainted
    //#input(String getHtml(HttpServletRequest)): "<.p><p>"._tainted
    //#input(String getHtml(HttpServletRequest)): "<input name="answer" value=""._tainted
    //#input(String getHtml(HttpServletRequest)): "<p>"._tainted
    //#input(String getHtml(HttpServletRequest)): request
    //#input(String getHtml(HttpServletRequest)): this
    //#input(String getHtml(HttpServletRequest)): this.bundle
    //#output(String getHtml(HttpServletRequest)): java.lang.StringBuffer:toString(...)._tainted
    //#output(String getHtml(HttpServletRequest)): return_value
    //#new obj(String getHtml(HttpServletRequest)): java.lang.StringBuffer:toString(...)
    //#pre[1] (String getHtml(HttpServletRequest)): request != null
    //#pre[3] (String getHtml(HttpServletRequest)): this.bundle != null
    //#presumption(String getHtml(HttpServletRequest)): (int) (java.lang.Math:random(...)@46*10) in -2_147_483_648..4_294_967_295
    //#presumption(String getHtml(HttpServletRequest)): (int) (java.lang.Math:random(...)@46*10) + (int) (java.lang.Math:random(...)@47*100) in -2_147_483_648..4_294_967_295
    //#presumption(String getHtml(HttpServletRequest)): (int) (java.lang.Math:random(...)@47*100) in -2_147_483_648..4_294_967_295
    //#presumption(String getHtml(HttpServletRequest)): javax.servlet.http.HttpServletRequest:getSession(...)@43 != null
    //#presumption(String getHtml(HttpServletRequest)): javax.servlet.http.HttpServletRequest:getSession(...)@59 != null
    //#presumption(String getHtml(HttpServletRequest)): javax.servlet.http.HttpServletRequest:getSession(...)@60 != null
    //#post(String getHtml(HttpServletRequest)): init'ed(java.lang.StringBuffer:toString(...)._tainted)
    //#post(String getHtml(HttpServletRequest)): return_value == &java.lang.StringBuffer:toString(...)
    //#test_vector(String getHtml(HttpServletRequest)): javax.servlet.http.HttpSession:getAttribute(...)@44: Inverse{null}, Addr_Set{null}
        
        HttpSession session = request.getSession(true);
        if (session.getAttribute("mathAnswer") == null) {
            // starting a new test
            int value1 = (int)(Math.random()*10.0);
            int value2 = (int)(Math.random()*100.0);
            int sum = value1 + value2;
            session.setAttribute("mathValue1", new Integer(value1));
            session.setAttribute("mathValue2", new Integer(value2));
            session.setAttribute("mathAnswer", new Integer(sum));
        } else {
            // preserve user's answer
            answer = request.getParameter("answer");
            answer = (answer == null) ? "" : answer;
        }
        
        // pull existing values out of session
        Integer value1o = (Integer)request.getSession().getAttribute("mathValue1");
        Integer value2o = (Integer)request.getSession().getAttribute("mathValue2");
        
        StringBuffer sb = new StringBuffer();
        
        sb.append("<p>");
        sb.append(bundle.getString("comments.mathAuthenticatorQuestion"));
        sb.append("</p><p>");
        sb.append(value1o);
        sb.append(" + ");
        sb.append(value2o);
        sb.append(" = ");
        sb.append("<input name=\"answer\" value=\"");
        sb.append(answer);
        sb.append("\" /></p>");
        
        return sb.toString();
    //#MathCommentAuthenticator.java:75: end of method: String org.apache.roller.weblogger.ui.rendering.plugins.comments.MathCommentAuthenticator.getHtml(HttpServletRequest)
    }
    
    
    public boolean authenticate(HttpServletRequest request) {
        
        boolean authentic = false;
    //#MathCommentAuthenticator.java:81: method: bool org.apache.roller.weblogger.ui.rendering.plugins.comments.MathCommentAuthenticator.authenticate(HttpServletRequest)
    //#input(bool authenticate(HttpServletRequest)): mLogger
    //#input(bool authenticate(HttpServletRequest)): request
    //#output(bool authenticate(HttpServletRequest)): return_value
    //#pre[2] (bool authenticate(HttpServletRequest)): request != null
    //#pre[1] (bool authenticate(HttpServletRequest)): (soft) mLogger != null
    //#post(bool authenticate(HttpServletRequest)): init'ed(return_value)
    //#test_vector(bool authenticate(HttpServletRequest)): javax.servlet.http.HttpServletRequest:getParameter(...)@84: Addr_Set{null}, Inverse{null}
    //#test_vector(bool authenticate(HttpServletRequest)): javax.servlet.http.HttpServletRequest:getSession(...)@83: Addr_Set{null}, Inverse{null}
    //#test_vector(bool authenticate(HttpServletRequest)): javax.servlet.http.HttpSession:getAttribute(...)@89: Addr_Set{null}, Inverse{null}
        
        HttpSession session = request.getSession(false);
        String answerString = request.getParameter("answer");
        
        if (answerString != null && session != null) {
            try {
                int answer = Integer.parseInt(answerString);
                Integer sum = (Integer) session.getAttribute("mathAnswer");
                
                if (sum != null && answer == sum.intValue()) {
                    authentic = true;
                    session.removeAttribute("mathAnswer");
                    session.removeAttribute("mathValue1");
                    session.removeAttribute("mathValue2");
                }
            } catch (NumberFormatException ignored) {
                // ignored ... someone is just really bad at math
            } catch (Exception e) {
                // unexpected
                mLogger.error(e);
    //#MathCommentAuthenticator.java:101: Warning: method not available
    //#    -- call on void org.apache.commons.logging.Log:error(Object)
    //#    severity: INFORMATIONAL
    //#    class: org.apache.roller.weblogger.ui.rendering.plugins.comments.MathCommentAuthenticator
    //#    method: bool authenticate(HttpServletRequest)
    //#    unanalyzed callee: void org.apache.commons.logging.Log:error(Object)
            }
        }
        
        return authentic;
    //#MathCommentAuthenticator.java:105: end of method: bool org.apache.roller.weblogger.ui.rendering.plugins.comments.MathCommentAuthenticator.authenticate(HttpServletRequest)
    }
    
}

    //#MathCommentAuthenticator.java:: end of class: org.apache.roller.weblogger.ui.rendering.plugins.comments.MathCommentAuthenticator
